"Stateless Linux" project
jjengla at sandia.gov
Tue Sep 14 17:44:07 UTC 2004
On Tue, 2004-09-14 at 09:45, Steve Coleman wrote:
> John Hearns john.hearns-at-clustervision.com |fedora| wrote:
> I was just basically saying to make sure security is thought about early
> in the boot process, or at least as early as possible.
I believe the best way to implement a security model here would be to
add the authentication into the initrd. Some form of authentication
could be done before the root filesystem is ever mounted, but NFS v3 is
not a secure protocol. If NFS is being exported to a certain node, no
amount of client-side authentication can stop someone from getting to a
prompt and running the 'mount -t nfs' by hand. This pushes the security
concerns onto the NFS server. I believe that NFS v4 has paid more
attention to security details.
More information about the devel